PowerPoint Presentation: Roles and Responsibilities

Roles and Responsibilities of Different Actors
Webinar for the GCCS2015
Myriam Dunn Cavelty
16 March 2015
Myriam Dunn Cavelty, 16 March 2015
Key Questions
• What type of actors have traditionally had what kind of roles
and responsibilities?
• How have expectations about them changed over the years?
• What are the problems that we encounter from a human
rights perspective?
• How can / should civil society get involved?
Aims of this Presentation
• To further our understanding of different expectations and
positions in the cybersecurity debate
• To enable us to better identify common grounds between the
different actors going forward
• To enable us to understand the main problems arising from
this and to design strategies for optimal civil society input
Structure of Webinar
1. A Short History of Cybersecurity Policy Concerns
2. The Main Actors:
• State
• Private Sector / Businesses
• Citizens (Civil Society)
3. The Main Issues at the Interface:
• Public-Private Partnership (State – Private Sector)
• Surveillance (State - Citizens)
4. The Way Forward
Short History of Cybersecurity Policy Concerns
www.css.ethz.ch
Policy Dynamics in the 1980s
• „Hacking“ comes to the attention of the policy community
• Cyber-crime interlinked with foreign intrusion/espionage →
elevated to a national security issue!
• Main concern: prevention of damaging disclosures of classified
information
• But: Problem rather limited due to nature of the information
infrastructure (no mass phenomenon)
• Main actors: Government (law enforcement) & tech
community
Policy Dynamics in the 1990s
• Increasingly networked systems, rapid technological development
(commercialisation)
• Quantitative increase in cyber-incidents (statistics)
• Gulf War 1991/92, development of Information Warfare ideas
• Critical infrastructures become focal point
• Information revolution leads to novel vulnerabilities (interdependent software-based control systems)
• Capabilities of “new” malicious actors seem enhanced: inexpensive, ever more
sophisticated, rapidly proliferating, easy-to-use tools in cyberspace (buzzword:
Cyber-terror)
• Asymmetry as defining feature
• Liberalization! (moves national security relevant assets away from the
government)
• Main actors: government (military and homeland defense), private
sector
Policy Dynamics in the 2000s
• Increasing quantity, quality, attention of/on attacks
• Stuxnet
• Flame
• «Mega»-Hacks
• Targeted attacks
• Non-state (Hacktivism)
• Organized crime
• State (APTs)
• Cyber-«Arms Race»
• Security Dilemma
Increasing Securitization!
= even sub-issues are turned
into national security issues
Main Actors
Roles & Responsibilities in Cybersecurity
• State:
• Responsibility to protect own assets (i.e. government functions)
• Responsibility to provide security & safety
• Private Sector:
• Responsibility to protect own assets
• Responsibility to provide additional security for critical infrastructures
• Society:
• Responsibility to protect own assets (home computers)
• Responsibility to be «aware» of the risk
• Responsibility to be a «good» cyber-citizen
Not everyone’s security is the same
The Dilemma of the State
• Power to resist vulnerability and to exploit vulnerability
disappears
• downwards (localisation),
• upwards (trans- or supranationalisation), or
• sideways (privatisation)
• State can no longer „go it alone“ – private actors increasingly
important
• Non-state actors threaten
• Non-state actors directly threatened
• Non-state actors needed for definition AND enactment of
security policy
Bureaucratic Power Politics
• Cybersecurity is seen from different perspectives
• IT-security issue
• Economic issue
• Law-enforcement issue
• National security issue
• Overlaps and no clear-cut boundaries
• Different groups within the government do not necessarily
agree on what the problem is and what needs to be protected
• The differing positions demand different allocation of
responsibility and countermeasures
Companies: a diverse bunch
• «At the forefront»
• Exposed to cyberthreats daily
• Some shape use of cyberspace considerably
• Some directly shape cybersecurity landscape (i.e. Anti-Virus companies)
• There is a lot of power in the hands of a few
• Diverse bunch of actors! Diverse set of interests
• Different sectors
• Some are Critical Infrastructure Providers
• Some are Small and Medium Sized Enterprises
• Some are norms shapers
• Some earn money from cyber-in-security
• ….
Society: Empowered?
“On one side are the traditional, organized, institutional powers
such as governments and large multinational corporations. On the
other are the distributed and nimble: grassroots movements,
dissident groups, hackers, and criminals. Initially, the Internet
empowered the second side. It gave them a place to coordinate
and communicate efficiently, and made them seem unbeatable.
But now, the more traditional institutional powers are winning,
and winning big. How these two sides fare in the long term, and
the fate of the rest of us who don't fall into either group, is an
open question -- and one vitally important to the future of the
Internet.”
Bruce Schneier, The Battle for Power on the Internet
The Main Issues
Expectations
• States expect private companies to help them guarantee national
security
• The private sector expects to make money (i.e. with our data)
• Society expects the state to provide security for everyone
[Diagram labels: State, Society, Private Sector, SECURITY]
State Response Strategies
• State-state
• Coordination within the public sector in order to foster coherent
responses (state – state inside)
• International cooperation (state – state outside)
• Cyber-crime
• Confidence building measures
• Arms control?
• State-private sector
• Public-private collaboration to
• enable a better exchange of information
• enhance level of security
• provide incentives?
• State-society
• Public awareness campaigns
• Increasing surveillance of digital content
State – Private Sector
Different PPPs – Different Rationales for their Formation
• Information-sharing about incidents and potential countermeasures
• Early warning
• Mutual support during incidents
• Prosecution of attackers
• Joint funding of R&D or awareness-raising campaigns
• Joint policy development and strategy building
Public Private Partnerships
• PPP concept originally developed in a completely different context: in the
field of administrative reform in the 1980s (New Public Management)
• Subsequently, PPP concept adopted uncritically by many governments for
CIP policy at the end of the 1990s
• Cooperation programs following the PPP prototype are part of all existing
initiatives in the field of CI(I)P
• Some successfully facilitate i.e. the exchange of information between both sides
• Others, however, have scarcely generated more than joint statements of intent
of the actors involved
• This causes a number of problems in the implementation of such forms of
cooperation and causes feelings of disillusionment
4 Problems
• Diverging interests
• Trust
• Costs
• Voluntary character
State – Citizens
The Social Contract
• Liberty: social and political freedoms guaranteed to all citizens
• Security: power and privileges given to state
• Balance is chosen in a process of social/political negotiation
The End of Certainty
[Diagram labels: Actor, Potential, Intention, ?]
• Cold War: Threat direct, intended, knowable/known
• Today: Threat indirect, unintended, uncertain, unknown
• No longer Threats but diffuse Risks
• Security paradigm changes from defense towards risk prevention
• State reaction:
• Focus on vulnerabilities (of society / infrastructure)
• Data collection
• Target: anyone, because everyone is potentially dangerous
The Surveillance «Dilemma»
Fundamentally insecure technologies that
penetrate more and more parts of our lives
Increased insecurities in security politics
(risks)
• Data hunger!
• Easily collectable data about the behavior of everyone
• Most people generate this data willingly (convenience, benefits, etc.)
• New algorithms that try to predict behavior
Security Dilemma
• National security considerations in and through cyberspace are
increasing in (strategic) importance
• Data collection in and through cyberspace is increasing due to
national security reasons
• The focus on the state and “its” security crowds out consideration
for the security of the individual citizen.
• The type of security currently produced is often not security
(directly) relevant to the people = A problem for human security is
created
The Way Forward
Role for Civil Society
• Given range of legitimacy and normative concerns, even
deeper engagement of civil society than in other areas seems
desirable
• Civil society organizations can rally together to help break
down barriers to engagement and ensure more qualitative and
inclusive multi-lateral processes.
• Should focus on enhancing their role with regards to:
• i) Engaging Effectively;
• ii) Fostering Transparency and Accountability; and
• iii) Deepening Knowledge.
Role for Civil Society
• Combined, these measures can
• strengthen the legitimacy and sustainability of on-going
processes;
• ensure that broader normative concerns are attended to,
and that the right technical expertise is leveraged when
solutions are being sought; and
• ultimately help build trust between states and between
state and society.
Contact Information
Thank you!
Dr. Myriam Dunn Cavelty
Center for Security Studies, ETH Zurich
CH-8092 Zürich
Switzerland
dunn@sipo.gess.ethz.ch